Commit Graph

854 Commits (4e011f24785f22ca3b98cb9a7248753ea0a02b7a)

Author SHA1 Message Date
Alexandre Dulaunoy 4e011f2478
chg: [regexp] fixed 2021-02-19 21:56:35 +01:00
Alexandre Dulaunoy 016f9e58af
chg: [regexp] added Farsight Compatible Regular Expressions (FCRE) added
Ref: https://docs.dnsdb.info/dnsdb-fcre-reference-guide/#farsight-compatible-regular-expressions-fcre
2021-02-19 18:03:23 +01:00
Alexandre Dulaunoy 36994fda1e
fix: [splunk] fixed 2021-02-15 15:10:20 +01:00
Alexandre Dulaunoy cb73cfaf49
chg: [splunk] object updated 2021-02-15 14:43:44 +01:00
marcnil815 f3830e044a
Update definition.json
Added possibility for multiple searches in same object to accomodate using raw searches and datamodel searches.
2021-02-15 14:13:17 +01:00
Alexandre Dulaunoy 84df20e51f
new: [windows-service] windows-service object added 2021-02-13 17:01:44 +01:00
Alexandre Dulaunoy 2b1c3532dc
chg: [report] add a link field to the report object template 2021-02-04 11:03:01 +01:00
Raphaël Vinot 3d3d40e6c0 fix: keys order in VT object 2021-02-02 15:31:00 +01:00
Raphaël Vinot 625684684a chg: Disable correlation in VT objects 2021-02-02 15:25:13 +01:00
Alexandre Dulaunoy 160c39d91e
chg: [url] jq all the things 2021-02-02 11:57:41 +01:00
Raphaël Vinot 82c217781f chg: allow multiple IPs in URL object 2021-02-02 11:39:37 +01:00
Terrtia 4f50074ba7
chg: [telegram-account] required attributes 2021-01-26 11:39:22 +01:00
Alexandre Dulaunoy eedcc2d5af
chg: [telegram-account] fixes 2021-01-26 10:30:30 +01:00
Alexandre Dulaunoy ca247d8c2a
new: [telegram-user] basic telegram user
Ref: https://core.telegram.org/constructor/user

More could be added in the future
2021-01-26 10:27:35 +01:00
Raphaël Vinot 1e14201fc0 chg: Update objects to match lief output for authenticode 2021-01-19 15:38:31 +01:00
Alexandre Dulaunoy fd7c05d74b
chg: [jarm] jq all the things 2021-01-05 14:49:34 +01:00
Alexandre Dulaunoy 8d08dc52d0
chg: [jarm] jarm type is jarm-fingerprint 2021-01-05 14:48:06 +01:00
Alexandre Dulaunoy 8753de0e1e
new: [jarm] new jarm object to describe TLS/SSL implementation matching
a jarm fingerprint
2021-01-05 14:44:46 +01:00
Alexandre Dulaunoy 2cb16e7be0
chg: [trustar_report] Updated to add "THREAT_ACTOR"
Fixing #273
2021-01-05 09:30:28 +01:00
Alexandre Dulaunoy d6d515d3d8
chg: [yara] disable correlations on some fields 2020-12-30 14:46:04 +01:00
Alexandre Dulaunoy 4d1c42e491
chg: [crypto-material] add a public field for public cryptographic materials 2020-12-30 14:21:37 +01:00
Alexandre Dulaunoy 3650498630
chg: [favicon] jq all the things 2020-12-27 16:21:09 +01:00
Alexandre Dulaunoy 179bd48bec
chg: [favicon] A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular web
site or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation.
2020-12-27 16:19:04 +01:00
Alexandre Dulaunoy b71e7c3458
chg: [twitter-post] jq 2020-12-20 10:52:40 +01:00
Alexandre Dulaunoy 8eae725e49
fix: [twitter-post] underscore - minus are difficult to choose from ;-) 2020-12-20 10:41:39 +01:00
Alexandre Dulaunoy ed1ceebdf4
chg: [jq] all the things 2020-12-20 10:37:14 +01:00
Alexandre Dulaunoy 85e37b360e
Merge pull request #302 from ater49/main
Adding fields in twitter-post and paste
2020-12-20 10:34:11 +01:00
Alexandre Dulaunoy 413a2618b6
Merge pull request #303 from seamustuohy/pymisp-pr/631
Updated for support for msg format.
2020-12-20 10:30:04 +01:00
seamus tuohy 7e65e5dfaf Updated for support for msg format.
Adding first class support for Emails in .msg format to the email definition.
This includes making the  attribute support multiple bodies. Msg formats
nearly always have at least 2, if not 3, versions of the body (plain text, rtf, html).
2020-12-19 17:03:26 -05:00
ater49 a410c7c7a6 Typo and version number correction + adding a field in twitter-post
Adding created-at field in twitter-post
2020-12-14 23:01:12 +01:00
ater49 a47ba8c5b8 Add media in twitter-post in order to store attached medias in a tweet
Add pastebin.fr in source of paste and paste_file for storing whole
paste file.
2020-12-14 22:25:58 +01:00
Alexandre Dulaunoy f517d6691c
Merge branch 'main' of github.com:MISP/misp-objects into main 2020-12-10 19:13:07 +01:00
Alexandre Dulaunoy 499392ca0a
chg: [domain-ip] hostname added as an attribute 2020-12-10 19:12:33 +01:00
Beaujeant a65aa06859 chg: can have mutliple text attributes 2020-11-25 16:17:54 +01:00
Alexandre Dulaunoy 9185d69d14
chg: [jq] all the [things] 2020-11-24 11:48:22 +01:00
Steve Clement 506116f0ac
chg: [json] sort 2020-11-24 14:58:19 +09:00
Steve Clement dd6ebe5385
new: [sh] Added process state 2020-11-24 14:55:47 +09:00
Steve Clement 4997dc575c
Merge remote-tracking branch 'upstream/main' into process 2020-11-24 14:45:04 +09:00
chrisr3d 0a3e94839c
add: [passive-dns] Added a raw_rdata object relation 2020-11-13 20:09:46 +01:00
chrisr3d 903935c1fe
chg: Using the actual attribute type for cpe and weakness instead of text 2020-10-22 22:11:50 +02:00
Alexandre Dulaunoy 27a554ab12
chg: [cpe-asset] updated 2020-10-16 12:31:44 +02:00
Alexandre Dulaunoy 89f4f6dbc1
new: [cpe-asset] an asset as defined with a CPE value
This object was created to support the use-case of pisax.org for the
following use-case:

 - They define well-known assets which are used by IXPs and GRXs via
 their CPEs;
 - The assets are defined in a set of fixed/master MISP events;
 - Those events are used to query NVD/CVE database via cve-search
 (https://github.com/cve-search/cve-search) using a PyMISP script
 - Then the CVEs matching the CPE are added in MISP and dispatched to the
 sharing community of users as specific MISP events.

Ref: PISAX - pan-European Information Sharing and Analysis Center (ISAC) to IXPs and GRXs
Ref: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf ((NIST Interagency Report 7695))
2020-10-16 09:21:40 +02:00
Alexandre Dulaunoy 141a8d2e2f
chg: [vulnerability] fixed 2020-10-15 22:49:29 +02:00
Alexandre Dulaunoy 25c888cecb
chg: [vulnerability] vulnerable_configuration are now cpe type 2020-10-15 22:40:50 +02:00
Alexandre Dulaunoy 5c935172ea
chg: [file] because sorted is always better 2020-10-13 22:47:10 +02:00
Alexandre Dulaunoy 0196285c0f
chg: [file] imphash and telfhash added 2020-10-13 22:46:24 +02:00
Alexandre Dulaunoy 8ee7728e84
chg: [gitlab-user] because -r is important 2020-10-07 09:20:54 +02:00
Alexandre Dulaunoy b4d21455fd
new: [gitlab-user] GitLab user. Gitlab.com user or self-hosted GitLab instance object template 2020-10-07 09:13:29 +02:00
Richard Hallick f6f419cadc Addition of Intel 471 vulnerability intelligence object
Intel 471 object to contain structured vulnerability related data.
2020-09-23 13:20:33 +01:00
Richard Hallick f116494ac9 Addition of intel471-vulnerability-intelligence object
Intel 471 object to contain structured vulnerability related data.
2020-09-23 13:02:02 +01:00